Offer NAT as a Service
There is often the need to connect two or more networks with overlapping addresses over a VPN in regulated industries. The address spaces (often 10.0.0.0/8) can't be changed; however, a DMZ subnet can be introduced in each network from the 172.16.0.0/12 address space. The DMZ subnets will not overlap between any network.
Just like the load balancer, make a NAT device a first class function citizen in virtual networking and allow us to define SNAT, DNAT or Full NAT. Feel free to require a dedicated subnet for the device.
Then make it easier for custom route rules to route traffic through this device.
This can be done today using Linux and iptables, but it's cumbersome to maintain and patch.
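The addressing scheme in the request above, modelled as an added example (not part of the original post and not any vendor's API): each site translates its overlapping inside range 1:1 onto its own DMZ prefix, source NAT on the way out and destination NAT on the way in. The site names and the /24 prefixes are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumption): both sites keep the same inside range
# and each gets its own DMZ prefix from 172.16.0.0/12.
SITES = {
    "site_a": {"inside": "10.0.0.0/24", "dmz": "172.16.1.0/24"},
    "site_b": {"inside": "10.0.0.0/24", "dmz": "172.16.2.0/24"},
}

def dmz_conflicts(sites):
    """Return pairs of sites whose DMZ prefixes overlap (must be empty)."""
    names = sorted(sites)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ipaddress.ip_network(sites[a]["dmz"]).overlaps(
                ipaddress.ip_network(sites[b]["dmz"]))]

def netmap(addr, from_net, to_net):
    """1:1 prefix translation: swap the network bits, keep the host bits."""
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("prefix lengths must match for a 1:1 mapping")
    if ip not in src:
        return addr  # outside the translated range: pass through unchanged
    host_bits = int(ip) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

def egress(site, src, dst):
    """SNAT at the sending site: inside source becomes its DMZ address."""
    s = SITES[site]
    return netmap(src, s["inside"], s["dmz"]), dst

def ingress(site, src, dst):
    """DNAT at the receiving site: DMZ destination becomes the inside host."""
    s = SITES[site]
    return src, netmap(dst, s["dmz"], s["inside"])

def send(from_site, src, to_site, dst_dmz):
    """Follow one packet: (addresses on the VPN, addresses as delivered)."""
    on_vpn = egress(from_site, src, dst_dmz)
    return on_vpn, ingress(to_site, *on_vpn)

if __name__ == "__main__":
    assert not dmz_conflicts(SITES)
    # 10.0.0.5 at site_a reaches site_b's own 10.0.0.5 via 172.16.2.5.
    print(send("site_a", "10.0.0.5", "site_b", "172.16.2.5"))
```

Only DMZ addresses ever appear on the VPN, so routes and firewall rules between sites can be written against the non-overlapping 172.16.0.0/12 prefixes.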
Apologies. There was apparently a misunderstanding and the status has been corrected.
This specific feedback item is for NAT from private IP space to private IP address.
I need to connect my privately IP'd applications (AKS clusters w/ ingresses) to 100s of customer networks over VPN. Customers have overlapping IP ranges; therefore, I need a way to NAT private IP addresses so I can control connectivity, routing, firewall rules, etc.
We have a real need for this in the healthcare industry. As a smaller ISV, the larger hospital networks we work with have this expectation of us. Please add this support.
Alexandre Ribeiro commented
NATing partner networks that connect to us thru VPN is basic. There should be no VPN solution that does not support NAT.
A private to private NAT service would be extremely helpful for VPN connected SaaS customers.
Sebastian Opel commented
@Yuri this is for private-public, not private-private afaik. https://docs.microsoft.com/en-us/cli/azure/network/nat/gateway?view=azure-cli-latest
Talieson Sisson commented
+1 would simplify things greatly for Enterprise organizations that want to give dev teams their own spaces.
Subodh Patil commented
+1. Any update?
Any update on this would be great +1
Zouhair ECHCHELH commented
Any Updates for this.
Can we imagine carrier grade /16 subnets NAT?
Any update on this?
Jamie Gruener commented
This is exactly what we would need today. The client requires our side to be NAT'ed and not come through an internal IP across the VPN tunnel.
It looks like we're going to have to use a Linux appliance to accomplish this which is high complexity and overhead for a company that doesn't have an infrastructure team.